上回MASM32编程使用了Windows系统提供的API函数:NetScheduleJobEnum()来枚举Windows计划任务(详见 MASM32编程枚举Windows计划任务,http://blog.csdn.net/Purpleendurer/archive/2009/11/05/4774148.aspx),这次通过WMI来实现。
需要注意的是:不管是通过WMI的Win32_ScheduledJob类,还是使用API函数NetScheduleJobEnum(),都只能枚举由At.exe(或直接通过Win32_ScheduledJob类)创建的旧式AT作业;用schtasks.exe、任务计划程序界面或ITaskService接口创建的计划任务不会出现在结果中。因此在做持久化排查或取证时,不能只依赖这一种方法。
所以 pe_xscan 在扫描计划任务时使用的是另外一种方法:-D
完整的代码如下:
(源代码+EXE下载:
1、http://download.csdn.net/source/2260122
2、http://purpleendurer.ys168.com)
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
; 文 件 名:WmiScheduleJob.asm (控制台程序)
; 功 能: 通过WMI获取计划任务
; 注 意:通过WMI只能枚举使用Win32_ScheduledJob类别
; 或At.exe实用程序创建的计划任务。
; 开发环境:Win XP PRO SP3 + MASM32 v8
; 作 者:PurpleEndurer, 2010-04-19,广西河池
;
; log
; --------------------------------------------------
; 2010-04-18 完成
; 2010-04-09 开始编写
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE
INCLUDE /masm32/include/windows.inc
INCLUDE /masm32/include/kernel32.inc
INCLUDELIB /masm32/lib/kernel32.lib
INCLUDE /masm32/include/ole32.inc
INCLUDELIB /masm32/lib/ole32.lib
INCLUDE /masm32/include/oleaut32.inc
INCLUDELIB /masm32/lib/oleaut32.lib
INCLUDE /masm32/include/user32.inc
INCLUDELIB /masm32/lib/user32.lib
INCLUDE /masm32/include/masm32.inc
INCLUDELIB /masm32/lib/masm32.lib
EnumScheduleJob proto
;ssssssssssssssssssssssss
;.const
;ssssssssssssssssssssssss
EOAC_NONE EQU 0                       ; CoInitializeSecurity: no additional authentication capabilities
COINIT_MULTITHREADED equ 00h          ; CoInitializeEx: join the multithreaded apartment
; located in RpcDce.h
RPC_C_AUTHN_LEVEL_DEFAULT EQU 0       ; let COM choose the authentication level
RPC_C_IMP_LEVEL_DEFAULT EQU 0         ; defined for completeness; not used by this program
RPC_C_IMP_LEVEL_IMPERSONATE EQU 3     ; WMI may impersonate this caller; the level WMI client code normally uses
; 16-byte GUID laid out as DWORD, WORD, WORD, 8 x BYTE. Presumably declared
; separately from windows.inc's GUID so the IIDs/CLSIDs in .DATA can be written
; with a single flat <...> initializer instead of a nested one -- TODO confirm.
GUID2 STRUC
dd1 DWORD ?   ; Data1
dw1 WORD ?    ; Data2
dw2 WORD ?    ; Data3
db1 BYTE ?    ; Data4[0]
db2 BYTE ?    ; Data4[1]
db3 BYTE ?    ; Data4[2]
db4 BYTE ?    ; Data4[3]
db5 BYTE ?    ; Data4[4]
db6 BYTE ?    ; Data4[5]
db7 BYTE ?    ; Data4[6]
db8 BYTE ?    ; Data4[7]
GUID2 ENDS
; COM interface pointer: the single DWORD is the address of an object whose
; first DWORD is the vtable pointer.
IWbemLocator STRUCT
lpVtbl DWORD ?
IWbemLocator ENDS
; Vtable of IWbemLocator. Slot order must match wbemcli.h exactly: the code
; below calls methods by slot, so a misplaced entry calls the wrong method.
IWbemLocatorVtbl STRUCT
QueryInterface DWORD ?   ; IUnknown
AddRef DWORD ?           ; IUnknown
Release DWORD ?          ; IUnknown
ConnectServer DWORD ?    ; used by wmiConnectServer
IWbemLocatorVtbl ENDS
; COM interface pointer for the namespace connection returned by ConnectServer.
IWbemServices STRUCT
lpVtbl DWORD ?
IWbemServices ENDS
; Vtable of IWbemServices in wbemcli.h order. Only ExecQuery (and Release, via
; IUnknown) is called here; the other slots exist so ExecQuery lands on the
; right offset.
IWbemServicesVtbl STRUCT
QueryInterface DWORD ?   ; IUnknown
AddRef DWORD ?           ; IUnknown
Release DWORD ?          ; IUnknown
OpenNamespace DWORD ?
CancelAsyncCall DWORD ?
QueryObjectSink DWORD ?
GetObject DWORD ?
GetObjectAsync DWORD ?
PutClass DWORD ?
PutClassAsync DWORD ?
DeleteClass DWORD ?
DeleteClassAsync DWORD ?
CreateClassEnum DWORD ?
CreateClassEnumAsync DWORD ?
PutInstance DWORD ?
PutInstanceAsync DWORD ?
DeleteInstance DWORD ?
DeleteInstanceAsync DWORD ?
CreateInstanceEnum DWORD ?
CreateInstanceEnumAsync DWORD ?
ExecQuery DWORD ?        ; used by wmiExecQuery
ExecQueryAsync DWORD ?
ExecNotificationQuery DWORD ?
ExecNotificationQueryAsync DWORD ?
ExecMethod DWORD ?
ExecMethodAsync DWORD ?
IWbemServicesVtbl ENDS
; COM interface pointer for the result set returned by ExecQuery.
IEnumWbemClassObject STRUCT
lpVtbl DWORD ?
IEnumWbemClassObject ENDS
; Vtable of IEnumWbemClassObject in wbemcli.h order; Next is the slot used here.
IEnumWbemClassObjectVtbl STRUCT
QueryInterface DWORD ?   ; IUnknown
AddRef DWORD ?           ; IUnknown
Release DWORD ?          ; IUnknown
Reset DWORD ?
Next DWORD ?             ; used by wmiNext
NextAsync DWORD ?
Clone DWORD ?
Skip DWORD ?
IEnumWbemClassObjectVtbl ENDS
; COM interface pointer for one Win32_ScheduledJob instance handed out by Next.
IWbemClassObject STRUCT
lpVtbl DWORD ?
IWbemClassObject ENDS
; Vtable of IWbemClassObject in wbemcli.h order; Get is the slot used here.
IWbemClassObjectVtbl STRUCT
QueryInterface DWORD ?   ; IUnknown
AddRef DWORD ?           ; IUnknown
Release DWORD ?          ; IUnknown
GetQualifierSet DWORD ?
Get DWORD ?              ; used by wmiGet: reads one property into a VARIANT
Put DWORD ?
Delete DWORD ?
GetNames DWORD ?
BeginEnumeration DWORD ?
Next DWORD ?
EndEnumeration DWORD ?
GetPropertyQualifierSet DWORD ?
GetObjectText DWORD ?
SpawnDerivedClass DWORD ?
SpawnInstance DWORD ?
CompareTo DWORD ?
GetPropertyOrigin DWORD ?
InheritsFrom DWORD ?
GetMethod DWORD ?
PutMethod DWORD ?
DeleteMethod DWORD ?
BeginMethodEnumeration DWORD ?
NextMethod DWORD ?
EndMethodEnumeration DWORD ?
GetMethodQualifierSet DWORD ?
GetMethodOrigin DWORD ?
IWbemClassObjectVtbl ENDS
;ssssssssssssssssssssssss
.DATA
;ssssssssssssssssssssssss
; UTF-16 strings are spelled out character by character because MASM string
; literals are ANSI. They are handed to WMI where BSTRs are declared; these are
; plain WCHAR buffers, not SysAllocString BSTRs -- NOTE(review): works in
; practice for ConnectServer/ExecQuery/Get, confirm if this code is reused.
g_wszNameSpace word "r", "o", "o", "t", "/", "c", "i", "m", "v", "2", 0
g_wszQueryLanguage word "W", "Q", "L", 0
WBEM_FLAG_CONNECT_USE_MAX_WAIT EQU 80h   ; ConnectServer: bounded wait for the connection
WBEM_FLAG_FORWARD_ONLY EQU 20h           ; ExecQuery: forward-only enumerator
WBEM_FLAG_RETURN_IMMEDIATELY EQU 10h     ; ExecQuery: semisynchronous call
WBEM_INFINITE EQU -1                     ; Next: wait as long as it takes
WBEM_E_INVALID_QUERY EQU 80041017h       ; defined for reference; not tested anywhere below
WBEM_E_INVALID_QUERY_TYPE EQU 80041018h  ; defined for reference; not tested anywhere below
; Interface and class identifiers, written field by field (see GUID2).
IID_IWbemLocator GUID2 <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
IID_IEnumWbemClassObject GUID2 <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>   ; declared but not referenced below
IID_IWbemClassObject GUID2 <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>      ; declared but not referenced below
; located in WbemProv.h
CLSID_WbemAdministrativeLocator GUID2 <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>
; Interface pointers filled in by CoCreateInstance, ConnectServer, ExecQuery and Next.
locator IWbemLocator <>
service IWbemServices <>
enumerator IEnumWbemClassObject <>
processor IWbemClassObject <>            ; the Win32_ScheduledJob instance most recently returned by Next
retCount DWORD ?                         ; number of objects Next actually returned (0 or 1 here)
; 16 bytes used as a VARIANT by IWbemClassObject::Get: vt (WORD) at offset 0,
; the value union at offset 8. writeWmiStr reads the value through [var_val + 8].
var_val DWORD ?
DWORD ?
DWORD ?
DWORD ?
g_szAppInfo db "通过WMI获取计划任务信息", 0dh ,0ah
db "作 者:PurpleEndurer, 2010-04-19,广西河池", 0dh ,0ah, 0
; Deliberately NOT zero-terminated: g_wszWin32_ScheduledJob must immediately
; follow so the two together read "SELECT * FROM Win32_ScheduledJob". Keep these
; two lines adjacent with nothing (not even an ALIGN) between them.
g_wszSelectWin32_ScheduledJob WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," "
g_wszWin32_ScheduledJob WORD "W", "i", "n", "3", "2", "_", "S", "c", "h", "e", "d", "u", "l", "e", "d", "J", "o", "b", 0
; Per-property label (ANSI, for StdOut) and property name (UTF-16, for Get).
g_szJobID db 0dh, 0ah, "Job ID: ", 0
g_wszJobID word "J", "o", "b", "I", "D", 0
g_szCommand db "Command: ", 0
g_wszCommand word "C", "o", "m", "m", "a", "n", "d", 0
g_szJobStatus db "Job Status: ", 0 ; e.g. Success
g_wszJobStatus word "J", "o", "b", "S", "t", "a", "t", "u", "s", 0
g_szStartTime db "Start Time: ", 0 ; e.g. ********215000.000000+480
; The eight leading asterisks come from WMI's datetime format
; YYYYMMDDHHMMSS.MMMMMM+UTC-offset: an AT job carries no year/month/day, so
; those positions are wildcarded with '*'.
g_wszStartTime word "S", "t", "a", "r", "t", "T", "i", "m", "e", 0
; Deliberately NOT zero-terminated: g_szCrLf follows directly, so the format
; string wsprintf sees is "%S" + CR LF + NUL. Keep the two lines adjacent.
g_szPerSCr db "%S"
g_szCrLf db 0dh, 0ah, 0
g_szPerXCr db "%x", 0dh, 0ah, 0
g_szFail db "Fail", 0dh, 0ah, 0
;ssssssssssssssssssssssss
.CODE
;ssssssssssssssssssssssss
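start:
    ; Program entry: bring up COM, create the WMI locator, enumerate the
    ; AT-style jobs, tear everything down again and exit with code 0.
    ; CoInitializeEx returns S_OK or S_FALSE (already initialised) on success
    ; and a negative HRESULT on failure, so FAILED() is the sign bit.
    invoke CoInitializeEx, NULL, COINIT_MULTITHREADED
    test eax, eax
    js @StartExit
    ; Process-wide security blanket: default authentication level, and
    ; impersonation so the WMI service can run the query under this caller's
    ; token. The result is not checked: RPC_E_TOO_LATE (blanket already set)
    ; is harmless here. MASM's line-continuation character is the backslash.
    invoke CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,\
        RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
    invoke StdOut, ADDR g_szAppInfo
    invoke CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL,\
        CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
    ; On failure CoCreateInstance leaves `locator` NULL and wmiConnectServer
    ; would read the vtable through that NULL pointer, so report and stop.
    test eax, eax
    js @StartFail
    invoke EnumScheduleJob
    ; Drop the locator reference obtained from CoCreateInstance.
    mov ecx, locator
    mov eax, [ecx]
    push ecx
    call DWORD PTR [eax][IWbemLocatorVtbl.Release]
    jmp @StartUninit
@StartFail:
    invoke StdOut, ADDR g_szFail
@StartUninit:
    invoke CoUninitialize
@StartExit:
    invoke ExitProcess, 0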
;======================================================
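wmiConnectServer proc
;======================================================
    ; IWbemLocator::ConnectServer(strNetworkResource, strUser, strPassword,
    ; strLocale, lSecurityFlags, strAuthority, pCtx, ppNamespace) on the global
    ; `locator`: connects to root/cimv2 with the caller's own credentials and
    ; stores the IWbemServices pointer in `service`.
    ; Returns the HRESULT in eax (S_OK = 0 on success).
    ; The object and vtable pointers go through ECX/EAX rather than ESI/LODSD
    ; so the callee-saved ESI register is left untouched for the caller.
    mov ecx, locator                      ; this
    mov eax, [ecx]                        ; vtable
    push OFFSET service                   ; ppNamespace
    push NULL                             ; pCtx
    push NULL                             ; strAuthority
    push WBEM_FLAG_CONNECT_USE_MAX_WAIT   ; lSecurityFlags
    push NULL                             ; strLocale
    push NULL                             ; strPassword
    push NULL                             ; strUser: current security context
    push OFFSET g_wszNameSpace            ; strNetworkResource
    push ecx                              ; this
    call DWORD PTR [eax][IWbemLocatorVtbl.ConnectServer]
    ret
wmiConnectServer endp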
;======================================================
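wmiExecQuery proc lpwszSQL: LPWSTR
;======================================================
    ; IWbemServices::ExecQuery(strQueryLanguage, strQuery, lFlags, pCtx, ppEnum)
    ; on the global `service`: runs the WQL text in lpwszSQL and stores a
    ; forward-only, semisynchronous enumerator in `enumerator`.
    ; Returns the HRESULT in eax (S_OK = 0 on success).
    ; ECX/EAX are used instead of ESI/LODSD so callee-saved ESI is preserved.
    mov ecx, service                      ; this
    mov eax, [ecx]                        ; vtable
    push OFFSET enumerator                ; ppEnum
    push NULL                             ; pCtx
    push WBEM_FLAG_FORWARD_ONLY or WBEM_FLAG_RETURN_IMMEDIATELY   ; lFlags
    push lpwszSQL                         ; strQuery
    push OFFSET g_wszQueryLanguage        ; strQueryLanguage ("WQL")
    push ecx                              ; this
    call DWORD PTR [eax][IWbemServicesVtbl.ExecQuery]
    ret
wmiExecQuery endp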
;======================================================
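wmiNext proc
;======================================================
    ; IEnumWbemClassObject::Next(lTimeout, uCount, apObjects, puReturned) on the
    ; global `enumerator`: fetches at most one object into `processor` and the
    ; number actually returned into `retCount`, waiting indefinitely.
    ; Returns the HRESULT in eax: S_OK (0) with one object, WBEM_S_FALSE (1)
    ; when the result set is exhausted, a negative value on error. Each object
    ; returned carries a reference the caller must Release.
    ; ECX/EAX are used instead of ESI/LODSD so callee-saved ESI is preserved.
    mov ecx, enumerator                   ; this
    mov eax, [ecx]                        ; vtable
    push OFFSET retCount                  ; puReturned
    push OFFSET processor                 ; apObjects (array of one)
    push TRUE                             ; uCount = 1
    push WBEM_INFINITE                    ; lTimeout
    push ecx                              ; this
    call DWORD PTR [eax][IEnumWbemClassObjectVtbl.Next]
    ret
wmiNext endp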
;======================================================
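wmiGet proc lpwszItem: LPWSTR
;======================================================
    ; IWbemClassObject::Get(wszName, lFlags, pVal, pType, plFlavor) on the
    ; global `processor`: reads the property named by lpwszItem into the
    ; 16-byte VARIANT at `var_val`. CIM type and flavor are not requested.
    ; Returns the HRESULT in eax (S_OK = 0 on success). On success the caller
    ; owns the VARIANT and must VariantClear it (VT_BSTR values own a BSTR).
    ; ECX/EAX are used instead of ESI/LODSD so callee-saved ESI is preserved.
    mov ecx, processor                    ; this
    mov eax, [ecx]                        ; vtable
    push NULL                             ; plFlavor
    push NULL                             ; pType
    push OFFSET var_val                   ; pVal
    push 0                                ; lFlags (reserved)
    push lpwszItem                        ; wszName
    push ecx                              ; this
    call DWORD PTR [eax][IWbemClassObjectVtbl.Get]
    ret
wmiGet endp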
;======================================================
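writeWmiStr proc lpszItem: LPSTR, lpwszItem: LPWSTR, lpszFmt: LPSTR
;======================================================
    ; Print the ANSI label lpszItem, then the property lpwszItem of the current
    ; object formatted with lpszFmt ("%S" for BSTR values, "%x" for the integer
    ; JobID), reading the VARIANT's value union at var_val + 8.
    ; "Fail" is printed when Get fails or the property has no value.
    ; The buffer is 1024 bytes because that is the most wsprintf ever writes:
    ; a 256-byte buffer could be overrun by a long Command string, and the
    ; Command of an AT job is data supplied by whoever created the job.
    LOCAL szbuf[1024]: byte
    invoke StdOut, lpszItem
    invoke wmiGet, lpwszItem
    test eax, eax
    jnz @writeWmiStrFail
    ; VT_EMPTY (0) or VT_NULL (1): the union at +8 is undefined, don't format it.
    movzx eax, WORD PTR var_val
    cmp eax, 1
    jbe @writeWmiStrEmpty
    invoke wsprintf, ADDR szbuf, lpszFmt, [var_val + 8]
    invoke StdOut, ADDR szbuf
    jmp @writeWmiStrClear
@writeWmiStrEmpty:
    invoke StdOut, ADDR g_szFail
@writeWmiStrClear:
    ; Get hands ownership of the VARIANT to us; release the BSTR it may hold.
    invoke VariantClear, ADDR var_val
    ret
@writeWmiStrFail:
    ; Get failed: var_val was not filled in, so there is nothing to clear.
    invoke StdOut, ADDR g_szFail
    ret
writeWmiStr endp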
;======================================================
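EnumScheduleJob proc
;======================================================
    ; Connect to root/cimv2, run "SELECT * FROM Win32_ScheduledJob" and print
    ; JobID, Command, JobStatus and StartTime for every instance returned.
    ; Only AT-style jobs are visible through this class (see the file header).
    ; Every COM object obtained along the way is released on the way out: the
    ; labels below form a cleanup ladder entered at whatever stage was reached.
    ; The value left in eax is not meaningful to callers.
    invoke wmiConnectServer
    test eax, eax
    jnz @EnumScheduleJobRet               ; no service: nothing to release
    invoke wmiExecQuery, OFFSET g_wszSelectWin32_ScheduledJob
    test eax, eax
    jnz @EnumScheduleJobRelService        ; no enumerator: release the service only
@EnumScheduleJobNext1:
    invoke wmiNext
    test eax, eax
    jnz @EnumScheduleJobRelEnum           ; WBEM_S_FALSE (end of set) or an error
    ; Defensive: S_OK with nothing returned must not touch `processor`, which
    ; still holds the pointer released at the end of the previous iteration.
    cmp retCount, 0
    je @EnumScheduleJobRelEnum
    invoke writeWmiStr, ADDR g_szJobID, ADDR g_wszJobID, ADDR g_szPerXCr
    invoke writeWmiStr, ADDR g_szCommand, ADDR g_wszCommand, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szJobStatus, ADDR g_wszJobStatus, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szStartTime, ADDR g_wszStartTime, ADDR g_szPerSCr
    ; Next hands out one reference per object; drop it before fetching the next.
    mov ecx, processor
    mov eax, [ecx]
    push ecx
    call DWORD PTR [eax][IWbemClassObjectVtbl.Release]
    jmp @EnumScheduleJobNext1
@EnumScheduleJobRelEnum:
    mov ecx, enumerator
    mov eax, [ecx]
    push ecx
    call DWORD PTR [eax][IEnumWbemClassObjectVtbl.Release]
@EnumScheduleJobRelService:
    mov ecx, service
    mov eax, [ecx]
    push ecx
    call DWORD PTR [eax][IWbemServicesVtbl.Release]
@EnumScheduleJobRet:
    ret
EnumScheduleJob endp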
END start